nope.
could be used (echo request/echo reply) as a covert channel . . . . but i guess you
think of that as another kind of attack . . .
At 11:17 AM 6/23/00 -0400, Carric Dooley wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Just a thought: Would there really be any other reason besides an
>attack or testing to have a really large ICMP packet?
>
>Carric Dooley
>Network Security Consultant
>
>"I have often regretted my speech, never my silence."
>- - Xenocrates (396-314 B.C.)
>
>
>
>- ----- Original Message -----
>From: "Sorin Florea" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Cc: <[EMAIL PROTECTED]>
>Sent: Friday, June 23, 2000 9:31 AM
>Subject: Re: ICMP fragments.
>
>
> >
> > I should have mentioned that I work for an ISP and I can't stop
> > echo requests.
> > If someone sends a ICMP pachet large enough I belive it will be
> > fragmented. While tcpdump-ing on one of my router's interface I sow
> > something like that but it stoped fast so I couldn't get "a closer
> > look". I supose it was the ending of a flood.
> >
> > -------------------------
> > Sorin Florea
> > e-mail: [EMAIL PROTECTED]
> > Romania Data Systems
> > Constanta
> > -------------------------
> >
> > On Fri, 23 Jun 2000 [EMAIL PROTECTED] wrote:
> >
> > > On 23 Jun, Sorin Florea wrote:
> > > >
> > > > Is there any reason to let ICMP fragments pass trough my
> > > > firewall? I think ipchains with -f option will kill them but
> > > > only begining with the second.
> > > > I'm also blockin' ICMP protocol unreachable and port
> > > > unreachable. What other ICMP packets can I safely block?
> > > > Thanks.
> > > >
> > > > -------------------------
> > > > Sorin Florea
> > > > e-mail: [EMAIL PROTECTED]
> > > > Romania Data Systems
> > > > Constanta
> > > > -------------------------
> > > >
> > > >
> > > >
> > > > -
> > > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > > "unsubscribe firewalls" in the body of the message.]
> > > >
> > >
> > > ..... ICMP "fragments"? I wasn't aware they existed...
> > >
> > > You can block echo requests, timestamp requests, and address-mask
> > > requests. In fact, you _should_ block those.
> > >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
>
>iQA/AwUBOVN/hlUqWOkDpMZ2EQL9QwCguXV2Xc5u9Pm7RNdmX4bbem6OpLIAn2u1
>rOhyjmP9RCoARQaGg2M9/FtL
>=nomf
>-----END PGP SIGNATURE-----
>
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
Dario N. Ciccarone
Internship SE
Cisco Systems
Argentina, Paraguay, Uruguay y Bolivia
Ing. Enrique Butty 240 Piso 17
C1001ABF, Buenos Aires , Argentina
Phone/Vmail: 54-11-4341-0203
Fax: 54-11-4341-0149
mailto:[EMAIL PROTECTED]
Pager: 54 -11-4348-9000 PIN:1268307 or mailto:[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
